Victor Duchovni wrote:
The usual interpretation seems to be not an alternative in the sense
of "one more of the same", but rather "one more and possibly better
*representation* of the same".
The subject name in the certificate is an X.500 DN. What Internet
applications that want to authenticate
A1: Nothing to do because the Windows would do it automatically by a "CSP"
A2:Search in MSDN with the keyword "make a PKCS#10 request"
2006/4/22, Sven Löschner <[EMAIL PROTECTED]>:
Hello, At the moment I have a site, where a user can login with a certificate I create and give to him. No problems so fa
Kyle Hamilton wrote:
> avoid ECB mode. Schneier's _Applied Cryptography_ goes into why, but
> basically it has to do with the fact that once someone knows the
> plaintext of a given block, that block will always be transparent to
> them.
A great demonstration with images at
http://en.wikipedia.or
avoid ECB mode. Schneier's _Applied Cryptography_ goes into why, but
basically it has to do with the fact that once someone knows the
plaintext of a given block, that block will always be transparent to
them.
-Kyle H
On 4/21/06, cy pher <[EMAIL PROTECTED]> wrote:
> Until i buy one of the books i
Thanks for the answers, you helped me lot!
Thank you.
CyPher
On Fri, 21 Apr 2006 21:06:04 +0200, "Marek Marcola"
<[EMAIL PROTECTED]> said:
> Hello,
>
> > i want to encrypt and decrypt strings, now i'm using the ecb
> encryption
> > of openssl/aes.h
> > and it looks the encrypted block length dep
Victor Duchovni wrote:
is rather muddy... Used by whom? For what? In addition? Instead? So
perhaps the HTTPS RFC elaborates the intent of a rather poorly worded
base RFC.
Agreed. Yes, rfc2818 elaborates the intent in rfc2459 (which
got obsoleted by rfc3280). However, in the IETF SIP WG, we
ar
On Fri, Apr 21, 2006 at 02:11:39PM -0500, Vijay K. Gurbani wrote:
> Victor Duchovni wrote:
> >The usual interpretation seems to be not an alternative in the sense
> >of "one more of the same", but rather "one more and possibly better
> >*representation* of the same".
> >
> >The subject name in the
Victor Duchovni wrote:
The RFC recommends that one leave out the subject DN, and add a critical
extension with altNames. This does not really explain how matching
should work when the subject DN is present. HTTPS is not necessarily
normative for STARTTLS with SMTP, but in the absence of other gui
On Fri, Apr 21, 2006 at 11:55:46AM -0700, Heikki Toivonen wrote:
> > On Fri, Apr 21, 2006 at 12:24:10PM -0400, Victor Duchovni wrote:
> >> in X.500 DNs as candidate DNS names is a transitional hack. When DNS
> >> names are present in the SubjectAlternativeName extension, these (with RFC
> >> bless
Victor Duchovni wrote:
The usual interpretation seems to be not an alternative in the sense
of "one more of the same", but rather "one more and possibly better
*representation* of the same".
The subject name in the certificate is an X.500 DN. What Internet
applications that want to authenticate
Hello,
> i want to encrypt and decrypt strings, now i'm using the ecb
encryption
> of openssl/aes.h
> and it looks the encrypted block length depends on the key, or the
> encrypted msg has an \0 in.
In AES encryption/decryption block size is always 16 bytes and does not
depend on key size.
Key size fo
Victor Duchovni wrote:
> On Fri, Apr 21, 2006 at 12:24:10PM -0400, Victor Duchovni wrote:
>> in X.500 DNs as candidate DNS names is a transitional hack. When DNS
>> names are present in the SubjectAlternativeName extension, these (with RFC
>> blessing) are taken to represent *ALL* the valid DNS nam
On Fri, Apr 21, 2006 at 02:28:12PM -0400, Richard Salz wrote:
> > Here we go: RFC 2818 section 3.1:
>
> You rock.
Thanks. Much of the credit goes to Lutz, since his peer verification
code for Postfix is how I learned this particular wizardly lore.
--
Viktor.
___
> Here we go: RFC 2818 section 3.1:
You rock.
/r$
--
SOA Appliances
Application Integration Middleware
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
On Fri, Apr 21, 2006 at 12:24:10PM -0400, Victor Duchovni wrote:
> The subject name in the certificate is an X.500 DN. What Internet
> applications that want to authenticate a connection to a given host are
> trying to verify is a DNS name. The convention for overloading CommonName
> in X.500 DNs
This may or may not be a useful example:
static int
rn_crypto_bulk(char *buffer, char *out, BF_KEY *key, int cmd, size_t
len) {
int c = 0; // Temp counter
char tmp[8] = { 0 };// Temp buffer
char *ptr = out;// Pointer to out buffer
while(c < len)
{
// Perfomr th
Until i buy one of the books i have a question, which may be very easy
to you, but, now i really need the answer:
i want to encrypt and decrypt strings, now i'm using the ecb encryption
of openssl/aes.h
and it looks the encrypted block length depends on the key, or the
encrypted msg has an \0 in.
On Fri, Apr 21, 2006 at 11:42:34AM -0400, Richard Salz wrote:
> > Wow a 512 bit key! Really unwise.
>
> True.
>
> > You did not mention the
> >
> > X509v3 Subject Alternative Name:
> > DNS:helpdesk.cis.uab.edu
> >
> > When this is present the CN is ignored.
>
>
> Really? T
Hello,
At the moment I have a site, where a user can login with a certificate I
create and give to him. No problems so far.
But now I want two things:
1.
I would like to write the certificate on a Smartcard, so the user can insert
this smartcard and type a PIN to authenticate on the server, ins
Richard Salz wrote:
Wow a 512 bit key! Really unwise.
True.
It's already been replaced with a 2048 bit key. :-) I was just
grasping at straws last night trying to figure out what was wrong.
You did not mention the
X509v3 Subject Alternative Name:
DNS:helpdesk
> Wow a 512 bit key! Really unwise.
True.
> You did not mention the
>
> X509v3 Subject Alternative Name:
> DNS:helpdesk.cis.uab.edu
>
> When this is present the CN is ignored.
Really? That seems like a bug. There's a reason why it's called
subjectAlternativeName, and not
On Fri, Apr 21, 2006 at 09:16:51AM -0500, Fran Fabrizio wrote:
> >The other lesson here, is don't be skimpy in your error reports. If your
> >server were not reachable from the public Internet, nobody would have
> >been able to help you. The key evidence (the details of the certificate)
> >was nev
The other lesson here, is don't be skimpy in your error reports. If your
server were not reachable from the public Internet, nobody would have
been able to help you. The key evidence (the details of the certificate)
was never reported.
Part of being a newbie (as I am when it comes to signing
On Fri, Apr 21, 2006 at 09:00:17AM -0500, Fran Fabrizio wrote:
>
> Yes, I need to make a stronger permanent key. I've been playing with
> all the various settings trying to figure out what's wrong: this is
> about the 7th certificate I've made for this server. :-)
>
> The helpdesk.cis.uab.edu
Yes, I need to make a stronger permanent key. I've been playing with
all the various settings trying to figure out what's wrong: this is
about the 7th certificate I've made for this server. :-)
The helpdesk.cis.uab.edu is an alias for the CA server, not for this
email server. But you seem
On Fri, Apr 21, 2006 at 07:00:32AM -0500, Fran Fabrizio wrote:
> Here's the conf file I used when I generated the request:
>
> >[EMAIL PROTECTED] CisCA]# more EmailServer.cnf
> >[ req ]
> >prompt = no
> >distinguished_name = crier.cis.uab.edu
> >
> >[ crier.cis.uab.edu ]
>
Hey, what is this?
Sanjay Vasudevan wrote:
On Friday 21 April 2006 06:23 am, Fran Fabrizio wrote:
"You have attempted to establish a connection to imap.cis.uab.edu.
However, the security certificate presented belongs to imap.cis.uab.edu."
Is that exactly how it is written? If so, you might h
Hi,
There is another book from O'Reilly: "Network Security with OpenSSL",
from John Viega, Matt Messier and Pravir Chandra.
Hope it will help ;)
Marek Marcola wrote:
Hello,
I'm newbie at using openssl libs, and i need a documentation where i can
read about the function of lib
PS - I know the conf file says crier.cis.uab.edu and below I wrote imap.
The imap was just for example purposes; the one and only machine name
is crier.cis.uab.edu.
(Sometimes simplifying for example purposes ends up complicating... :-)
Brad Hards wrote:
On Friday 21 April 2006 06:23 am,
Here's the conf file I used when I generated the request:
[EMAIL PROTECTED] CisCA]# more EmailServer.cnf
[ req ]
prompt = no
distinguished_name = crier.cis.uab.edu
[ crier.cis.uab.edu ]
commonName = crier.cis.uab.edu
stateOrProvinceName = Alabama
countryN
Hello,
> I'm newbie at using openssl libs, and i need a documentation where i can
> read about the function of libssl,
> for example: i want to use aes for message encrypting, and i have to
> know things like what length of key can i use..
> I tried some keys and i found that the key length must be
Hi!
I'm newbie at using openssl libs, and i need a documentation where i can
read about the function of libssl,
for example: i want to use aes for message encrypting, and i have to
know things like what length of key can i use..
I tried some keys and i found that the key length must be 16 or 32byt
On Fri, Apr 21, 2006, Rory Vieira wrote:
> Bernhard Froehlich wrote:
>
> >Rory Vieira wrote:
> >
> >>Hi,
> >>
> >>For our customers we make backups (like everyone else).
> >>However, legal restrictions apply to the specific branch we work in.
> >>We are required to encrypt the data.
> >>
> >>..
On Friday 21 April 2006 06:23 am, Fran Fabrizio wrote:
> "You have attempted to establish a connection to imap.cis.uab.edu.
> However, the security certificate presented belongs to imap.cis.uab.edu."
Is that exactly how it is written? If so, you might have signed the
certificate with a FQDN (end
Guys,
C'mon guys, lighten up. It's a joke, a pun...see in music, there are
keys...the key of F has one flat, the key of D has two sharps, etc.
Don't have your head so far down in the nuts and bolts...time for a
vacation...and leave your email and cellphone behind.
the posters nati
Bernhard Froehlich wrote:
Rory Vieira wrote:
Hi,
For our customers we make backups (like everyone else).
However, legal restrictions apply to the specific branch we work in.
We are required to encrypt the data.
...
Thanks in advance...
As far as I know there is no tool in openssl you c